Trusted Design

最近のKEV情報

KEVとは

KEV(Known Exploited Vulnerabilities)とは、CISA(Cybersecurity and Infrastructure Security Agency)が公開している、既に悪用が確認されている脆弱性のリストです。組織はこのリストを参考にして、重要なセキュリティ対策を優先的に実施することが推奨されています。

本サイトは最新のKEV情報を提供し、過去のKEVファイルとの比較やCVEの詳細情報も確認できるようにすることを目標に作成しています。

30日以内にKEVに登録されたCVE

  • CVE-2022-20775:
    Cisco SD-WAN Path Traversal Vulnerability
  • CVE-2026-20127:
    Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability
  • CVE-2026-25108:
    Soliton Systems K.K FileZen OS Command Injection Vulnerability
  • CVE-2025-49113:
    RoundCube Webmail Deserialization of Untrusted Data Vulnerability
  • CVE-2025-68461:
    RoundCube Webmail Cross-site Scripting Vulnerability
  • CVE-2021-22175:
    GitLab Server-Side Request Forgery (SSRF) Vulnerability
  • CVE-2026-22769:
    Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability
  • CVE-2020-7796:
    Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability
  • CVE-2024-7694:
    TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability
  • CVE-2008-0015:
    Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability
  • CVE-2026-2441:
    Google Chromium CSS Use-After-Free Vulnerability
  • CVE-2026-1731:
    BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability
  • CVE-2026-20700:
    Apple Multiple Buffer Overflow Vulnerability
  • CVE-2024-43468:
    Microsoft Configuration Manager SQL Injection Vulnerability
  • CVE-2025-15556:
    Notepad++ Download of Code Without Integrity Check Vulnerability
  • CVE-2025-40536:
    SolarWinds Web Help Desk Security Control Bypass Vulnerability
  • CVE-2026-21513:
    Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
  • CVE-2026-21525:
    Microsoft Windows NULL Pointer Dereference Vulnerability
  • CVE-2026-21510:
    Microsoft Windows Shell Protection Mechanism Failure Vulnerability
  • CVE-2026-21533:
    Microsoft Windows Improper Privilege Management Vulnerability
  • CVE-2026-21519:
    Microsoft Windows Type Confusion Vulnerability
  • CVE-2026-21514:
    Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
  • CVE-2025-11953:
    React Native Community CLI OS Command Injection Vulnerability
  • CVE-2026-24423:
    SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability
  • CVE-2021-39935:
    GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability
  • CVE-2025-64328:
    Sangoma FreePBX OS Command Injection Vulnerability
  • CVE-2019-19006:
    Sangoma FreePBX Improper Authentication Vulnerability
  • CVE-2025-40551:
    SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

リンク

KEV一覧へ
KEV履歴へ